X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=1f0246c0aa8234cf7a454e2842d12e799143644c;hb=9cbd3c2b5b03c29c116a14f196db8a32c7135391;hp=9687ba4b7db81259be782678b64cebae16ae5103;hpb=46ebfbb6eb9966239f7826e002d99554420bbbc8;p=tinc

diff --git a/src/tincctl.c b/src/tincctl.c
index 9687ba4b..1f0246c0 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -1,6 +1,6 @@
 /*
     tincctl.c -- Controlling a running tincd
-    Copyright (C) 2007-2015 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2007-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -89,7 +89,7 @@ static struct option const long_options[] = {
 static void version(void) {
 	printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
 		   BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
-	printf("Copyright (C) 1998-2015 Ivo Timmermans, Guus Sliepen and others.\n"
+	printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n"
 			"See the AUTHORS file for a complete list.\n\n"
 			"tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,\n"
 			"and you are welcome to redistribute it under certain conditions;\n"
@@ -446,11 +446,13 @@ static bool rsa_keygen(int bits, bool ask) {
 	// Make sure the key size is a multiple of 8 bits.
 	bits &= ~0x7;
 
-	// Force them to be between 1024 and 8192 bits long.
-	if(bits < 1024)
-		bits = 1024;
-	if(bits > 8192)
-		bits = 8192;
+	// Make sure that a valid key size is used.
+	if(bits < 1024 || bits > 8192) {
+		fprintf(stderr, "Invalid key size %d specified! It should be between 1024 and 8192 bits.\n", bits);
+		return false;
+	} else if(bits < 2048) {
+		fprintf(stderr, "WARNING: generating a weak %d bits RSA key! 2048 or more bits are recommended.\n", bits);
+	}
 
 	fprintf(stderr, "Generating %d bits keys:\n", bits);
 
@@ -560,6 +562,7 @@ bool sendline(int fd, char *format, ...) {
 
 	va_start(ap, format);
 	blen = vsnprintf(buffer, sizeof buffer, format, ap);
+	buffer[sizeof buffer - 1] = 0;
 	va_end(ap);
 
 	if(blen < 1 || blen >= sizeof buffer)
@@ -718,6 +721,13 @@ bool connect_tincd(bool verbose) {
 	}
 
 	fclose(f);
+	if ((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) {
+		fprintf(stderr, "Could not find tincd running at pid %d\n", pid);
+		/* clean up the stale socket and pid file */
+		unlink(pidfilename);
+		unlink(unixsocketname);
+		return false;
+	}
 
 #ifndef HAVE_MINGW
 	struct sockaddr_un sa;
@@ -878,7 +888,7 @@ static int cmd_start(int argc, char *argv[]) {
 
 	if(!pid) {
 		close(pfd[0]);
-		char buf[100] = "";
+		char buf[100];
 		snprintf(buf, sizeof buf, "%d", pfd[1]);
 		setenv("TINC_UMBILICAL", buf, true);
 		exit(execvp(c, nargv));
@@ -1384,7 +1394,7 @@ static int cmd_pid(int argc, char *argv[]) {
 		return 1;
 	}
 
-	if(!connect_tincd(true) && !pid)
+	if(!connect_tincd(true) || !pid)
 		return 1;
 
 	printf("%d\n", pid);
@@ -1433,7 +1443,7 @@ char *get_my_name(bool verbose) {
 	return NULL;
 }
 
-static ecdsa_t *get_pubkey(FILE *f) {
+ecdsa_t *get_pubkey(FILE *f) {
 	char buf[4096];
 	char *value;
 	while(fgets(buf, sizeof buf, f)) {
@@ -2284,26 +2294,29 @@ static int cmd_exchange_all(int argc, char *argv[]) {
 }
 
 static int switch_network(char *name) {
+	if(strcmp(name, ".")) {
+		if(!check_netname(name, false)) {
+			fprintf(stderr, "Invalid character in netname!\n");
+			return 1;
+		}
+
+		if(!check_netname(name, true))
+			fprintf(stderr, "Warning: unsafe character in netname!\n");
+	}
+
 	if(fd >= 0) {
 		close(fd);
 		fd = -1;
 	}
 
-	free(confbase);
-	confbase = NULL;
-	free(pidfilename);
-	pidfilename = NULL;
-	free(logfilename);
-	logfilename = NULL;
-	free(unixsocketname);
-	unixsocketname = NULL;
+	free_names();
+	netname = strcmp(name, ".") ? xstrdup(name) : NULL;
+	make_names(false);
+
 	free(tinc_conf);
 	free(hosts_dir);
 	free(prompt);
 
-	free(netname);
-	netname = strcmp(name, ".") ? xstrdup(name) : NULL;
-
         xasprintf(&tinc_conf, "%s" SLASH "tinc.conf", confbase);
         xasprintf(&hosts_dir, "%s" SLASH "hosts", confbase);
 	xasprintf(&prompt, "%s> ", identname);
@@ -2510,10 +2523,12 @@ static int cmd_verify(int argc, char *argv[]) {
 	char *newline = memchr(data, '\n', len);
 	if(!newline || (newline - data > MAX_STRING_SIZE - 1)) {
 		fprintf(stderr, "Invalid input\n");
+		free(data);
 		return 1;
 	}
 
 	*newline++ = '\0';
+	size_t skip = newline - data;
 
 	char signer[MAX_STRING_SIZE] = "";
 	char sig[MAX_STRING_SIZE] = "";
@@ -2521,11 +2536,13 @@ static int cmd_verify(int argc, char *argv[]) {
 
 	if(sscanf(data, "Signature = %s %ld %s", signer, &t, sig) != 3 || strlen(sig) != 86 || !t || !check_id(signer)) {
 		fprintf(stderr, "Invalid input\n");
+		free(data);
 		return 1;
 	}
 
 	if(node && strcmp(node, signer)) {
 		fprintf(stderr, "Signature is not made by %s\n", node);
+		free(data);
 		return 1;
 	}
 
@@ -2540,6 +2557,8 @@ static int cmd_verify(int argc, char *argv[]) {
 	memcpy(data + len, trailer, trailer_len);
 	free(trailer);
 
+	newline = data + skip;
+
 	char fname[PATH_MAX];
 	snprintf(fname, sizeof fname, "%s" SLASH "hosts" SLASH "%s", confbase, node);
 	FILE *fp = fopen(fname, "r");
@@ -2817,8 +2836,10 @@ static int cmd_shell(int argc, char *argv[]) {
 		if(nargc == argc)
 			continue;
 
-		if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit"))
+		if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) {
+			free(nargv);
 			return result;
+		}
 
 		bool found = false;